How can these frauds be identified? How can they be prevented? What can be done if they occur? Many people ask these questions as they enter bank or credit card information into an order form. They proceed nevertheless, submit the order, make payment, and hope that all goes well and the goods will be delivered under the conditions promised. Symptoms of e-commerce fraud within an organization are the same as we have studied in chapter 5; however the other types are a bit different. Since those frauds regarding organizations are similar to those studied in class, I have focused on fraud targeting individuals or consumers, which ultimately affects merchants when this stolen information is used to make purchases with funds belonging to somebody other than the person making the purchase. The lack of education and safeguarding of information causes financial loss for consumers, merchants, investigative organizations, as well as other organizations that regulate anything which could be related to e-commerce. Symptoms for a merchant can be identified through fraud management tools and screening, and symptoms for an individual are many, and can often be identified before they has been defrauded, but unfortunately for both of these, identifying symptoms and discovering the frauds are too often discovered at the same time. Waiting until credit reports are damaged, bank accounts are drained, payments are disputed or purchases are not received as promised is not the best way to identify fraud. A person or merchant must understand the possible results of their actions and know where to turn if they become a victim of a fraudulent or misleading engagement, or other problems resulting from it. Many people understand that there are illegitimate businesses operating online with fraudulent intents, and they also realize that identity theft is a concern when giving out personal information. What many people don’t realize is that privacy can be hard to obtain if it is strongly valued, and security can be threatened in more ways than often anticipated.
Spyware is one concern of security and privacy. It can install itself when a user clicks on something, and this click can be on almost anything. It often occurs with a click on an advertisement, when downloading or installing a program, or when clicking “I agree” or “agree to terms” on anything that may require this for use. It can record keystrokes, collect passwords, bank and credit card information, or chat and email, or it may simply collect web browsing habits. Information is gathered and transmitted back to the initiator and distributed or sold to anyone with an interest, often with no concern for the third party’s intent. An anti-spyware program can usually detect these programs, and free downloads are usually easy to find and are often bundled with antivirus software. Running scans on your computer regularly are the best way to keep them out. When is the last time you read a user agreement for anything? Personally, I’m not sure I’ve ever read one. I expect the same old “not for commercial use,” and “copyrighted material” rules, but in many cases, there is a lot more involved. Often reading a user agreement or privacy policy provided on a website will help you to understand what and how information is being collected about you and how it is being used. Reading privacy policies will help determine the costs that may be associated with making a purchase or even creating an account with what may be a business that freely distributes your personal information. Some concerning examples I found, such as at www.priorityco.com, states: “Priority Pharmaceuticals, Inc. is your reputable full service distributor of pharmaceutical products, based out of San Diego, California.” I searched unsuccessfully for a privacy policy, but found a clickable link at the bottom of the page, “Site Design by Glimpse Interactive,” At their website I found:
“We offer Search Engine Optimization, Pay-Per-Click Advertising Campaigns, Technology Coaching, Email Marketing Campaigns, Site Statistics Software, Digital Video Services and Content Management Systems to ensure that our clients are on the leading edge of online marketing.”
It is unclear as to what information they are collecting or sharing, but the tracking and profile building of information regarding pharmaceuticals should not be in question. I also found multiple agencies that collect information and sell it such as :
“With over 14 million businesses and 200 million consumers at our fingertips, we have access to anyone and everyone you are looking to target for a fraction of the cost.”
This concerns me in the respect that personal information belonging to me, my family and friends, neighbors and co-workers is being sold, in bulk, in what seems like a dehumanizing way. The trouble with these examples is that this information can be purchased by those intending to defraud others, giving them ample information regarding interests and lifestyles of many individuals. This information can easily be used to present fraudulent schemes to those who would likely be interested.
Security becomes a concern when spyware retrieves personal information, or when a user provides personal information over an unsecured connection. This can lead to unauthorized access to accounts, identity theft, or unauthorized use of bank accounts or credit cards. When deciding to make a purchase or enter personal information anywhere online, it is essential that the user verify there is a secure, or encrypted, connection. Information that is passed across the internet can be intercepted and viewed by others if there is not valid security on the webpage. Entering information such as bank or credit card information, social security number, or passwords can put you at risk. Checking for https:\\ instead of http:\\ verifies a secure connection as well as the appearance of a closed lock on your web browser page. If you question the security of a web page is best not to release information. Calling the business and placing an order over the phone is often an option, and reduces the risks of interception. Payments made for purchases online should be made with a credit card whenever possible; this offers the best consumer protection. It should also be known that a reputable company will never ask for verification of account information via e-mail. If this request is received, information should not be provided.
When making a purchase online, the seller should be evaluated. If it is a business that you trust, you can feel safe placing an order, but when it comes to unfamiliar businesses or internet auctions, there may be cause for concern. Some of the best deals are found in these situations and it would be unfortunate to lose out on them because you just don’t know if it is safe. In the case of unknown businesses, confirm there is an actual physical address and phone number for the business. P.O. boxes should cause worry. Calling the phone number and speaking to a representative may help determine the validity of the business. Read any terms and conditions provided, including warranty liability, and any arbitration or suing restrictions. Look up online reviews of the seller, including a reliability report from the . If it is an internet auction, check ratings of the seller and read any comments posted. Auctions are a very common place for fraudulent activity, so if an offer seems too good to be true or the purchase is large take extra caution. Make sure in all online purchases you read all information available about the product so you know exactly what you are getting. In other words, don’t buy a camera that is an amazing deal because it doesn’t come with the $100 battery that it needs for operation. Check return and refund policies as well as shipping and handling prices. If this information is not provided, contact the seller before committing to the purchase. If everything checks out, print or save all information about the business and the transaction including address and phone number, terms and conditions, product and warranty information, anyone you may have spoken to or e-mails sent or received. Be sure to pay with a credit card. When you get the item, inspect it immediately to be sure there are no problems, and if there are, contact the seller immediately.
What happens when all does not go well? The Uniform Electronic Transactions Act (UETA) has established legal guidelines for electronic transactions. This gives electronic signatures validity and makes them enforceable as if they were paper signatures. Contracts for commerce are regulated primarily by Article 2 of the Uniform Commercial Code (UCC). If there is a violation of a contract, it should be reported to law enforcement immediately. If this problem is related to business, it can be reported to the Better Business Bureau at . If you were defrauded by a business, or made a purchase from a business that never existed, complaints can be filed with the FBI’s Internet Crime Complaint Center or IC3.
Unapproved spending on a credit card or bank account gets a bit more serious. In these cases, action must be taken immediately to prevent further charges. This should immediately be reported to law enforcement as well as one of the three major credit reporting agencies to place a fraud alert. Obtain a copy of your credit report and report any discrepancies immediately. Contact somebody within a security or fraud department for all personal accounts that may have been used or created and cancel them immediately. You will have to fill out forms for all disputed charges so they can be investigated. Putting a stop to identity theft early is the best way to resolve the problems. A complaint should also be filed with the FTC and submitted to the police department with which the original report was filed. Going through these steps and continuously checking credit reports for a significant period of time after these incidents will assist you in getting marks incurred permanently wiped off your credit report and will help you maintain your correct credit score.
The Fair Credit Billing Act makes credit card purchases the safest way to shop online. This federal law applies to all disputes pertaining to billing errors and unauthorized charges. It limits consumer responsibility to $50 and can include charges that were fraudulently made, charges for items that were not delivered as agreed, math errors, fees incurred through payments and credits that were not posted to the account, or charges posted with wrong amounts. The Credit Card Fraud Act is another form of consumer protection that expanded definitions of credit and debit cards to any "access device" which may also include account numbers. It recently increased maximum penalties and detailed harsh repeat-offender penalties. If the perpetrator is found, they will be liable for their actions based on state and federal statutes. Laws governing identity theft are generally governed by state, and have different names, degrees, and penalties.
The US Code has established laws regulating online conduct such as unsolicited advertisements, child protection, unfair or deceptive methods of competition, and interception of communications; however, there does not appear to be many in depth regulations when it comes to online purchases. Ultimately, using caution in choosing conduct in an online environment and ensuring proper security of personal data eliminate opportunity for fraud. As with fraud within businesses, opportunity is the easiest part of the fraud triangle to eliminate. Pressures and opportunities are impossible to control in a global atmosphere full of strangers.
Costs of e-commerce fraud are different depending on the situation. Costs to merchants include tools used to deter fraud, such as the Address Verification Service (AVS) which compares address input with the address listed by the card’s issuing bank. Money is still lost due to fraudulent payments, also presenting a cost to the company.
Costs to credit card companies who suffer from unauthorized use of credit cards and the Fair Credit Billing Act can be substantial, and may involve the loss of money as well as employee labor used to resolve the situation and lawyer fees when necessary. Losses an individual may suffer can be due to stolen funds in bank accounts or other fees incurred by someone who steals personal information. Thousands of dollars in lawyer fees may be required to rectify identity theft situations as well as the possibility of permanent damage to a person’s credit report. Fraudulent phishing scams or other schemes may induce sacrifice of personal information and loss of funds. Consumers may pay for products never received and be forced to eat the costs personally. Ultimately, the FBI recorded $183 million dollar loss to Americans in 2005 alone, with trends that expect to continue to increase.
References:
2005_Internet_Fraud_Report. (2006, March). Retrieved 2/15, 2008, from National Internet Fraud Watch Information Center: http://www.fraud.org/2005_Internet_Fraud_Report.pdf
Cybersource Corproation. (2008, January). 2008 Edition Online Fraud Report. Retrieved 2/12, 2008, from www.cYBERSOURCE.COM: http://www.cybersource.com/resources/collateral/Resource_Center/whitepapers_and_reports/CYBS_2008_Fraud_Report.pdf
Federal Trade Commission. (2008, February). FTC Consumer Alert. Retrieved 2/12, 2008, from Going Shopping? Go Global! A Guide for E-Consumers: http://www.ftc.gov/bcp/conline/pubs/alerts/glblalrt.shtm
National Conference of State Legislatures. (2008, February). Identity Theft State Statutes:. Retrieved 2/20, 2008, from National Conference of State Legislatures: http://www.ncsl.org/programs/lis/privacy/idt-statutes.htm
OnGuard Online.gov. (2008, February). OnGuard Online. Retrieved 2/12, 2008, from http://onguardonline.gov/spam.html
U.S. Department of Justice. (2007, March). Retrieved 2/12, 2008, from FRAUD STATISTICS:: http://www.straightshooter.net/fraudstats.htm
U.S. Department of Justice. (2008, February). common fraud schemes. Retrieved 2/12, 2008, from Federal Bureau of Investigation: http://www.fbi.gov/majcases/fraud/fraudschemes.htm#advance
Uniform Law Commission. (2008, February). Retrieved 2/19, 2008, from http://www.nccusl.org/Update/
www.fraudaid.com. (2007, December). Retrieved 2/13, 2008, from What is spyware and adware and what to do about it:: http://www.fraudaid.com/security_products/articles_information/spyware.htm#badguys